Welcome to this special CUBE conversation. As part of our recognition of Cybersecurity Awareness Month, Steve Keniston is here as a senior cybersecurity consultant at Dell Technologies. Steve, good to see you.

Good to see you, Dave. Glad to be back on theCUBE.

So look, lots has changed in cyber over the last couple of years and we want to update the audience on the major trends. I want to start with the AI heard around the world. I would argue that prior to the announcement of chat, the good guys, the technology vendors had more access to AI. In fact, I would say most access to AI. And then all of a sudden OpenAI releases all these tools. Now you're getting, the bad guys have more access and could do more bad things. How has that affected sort of what you've seen in the trend landscape?

Well, the first thing I would ask is, you really think that's fair ground, Dave? The AI only used by the technology vendors?

I know, definitely not only, but I would say that they predominantly had the best AI tech and then like take phishing emails, for instance, how many bad phishing emails have you seen over the years? And I think, I actually think they're getting better, right? 'Cause you can run them through ChatGPT or give me some malicious code that AI will generate for you. So I would say in general, I think the consensus is, I wonder if what you think about this is that initially the release of ChatGPT helps the bad guys, but over time we'll reach some kind of equilibrium that might even help the good guys. What do you think about that?

I actually like where you're going with that, Dave, 'cause I think in my mind I have two avenues or two paths at which gen AI can really be helpful towards cybersecurity. Well, not to both avenues being helpful. One avenue is how are the bad guys going to leverage it and what are they going to be able to do to you?
And then one is, is how is it going to be helpful to a lot of the security tools and technology that are out there that are actually going to be used to combat a lot of those threats. But that's really all kind of at the end. I don't know a lot of vendors that have put a lot of gen AI into their solutions yet. It's something that we're definitely looking at. But the real question then becomes, you know, do you have a solid foundation in your environment, a solid infrastructure to be able to have a secure environment? What are you looking to do? What have you been doing? Things like reducing your attack surface. Things like being able to detect and respond to threats. Things like being able to recover from a threat. Those are some of the basic foundational building blocks to being able to make sure you have a secure environment.

Well, let's talk about, actually I just want to make a comment. I think, you know, you're right. I haven't seen a lot of vendors yet put gen AI because it's generative AI gives you a different answer every time. So that's probably not the best solution. I'm sure there are other ways to certainly of summarizing, you know, maybe automating run books, things like that, which we've already been doing. But come back to reducing the attack surface. What, you know, how do you do that? What are the major trends you're seeing within your customer base as to how they're, you know, effectively achieving that?

Yeah, I think there's a list of things you can do to help reduce your attack surface. But a lot of them start with just implementing a zero trust environment, right? Are you doing the things that require you to have a non, an environment where people are not trusted. They're only trusted once they get in and get through the front door and all of the applications behave the same way. They can't just, you know, the castle and moat analogy doesn't work anymore. You can't just come in and use things.
So capabilities like multi-factor authentication are being laid out and used a lot these days. And I think it's very helpful. That's a number one way to kind of really help start to reduce that attack surface. Things like roles-based access and getting consistency among who has access to what and what privileges do they have when they're in there. We have things in our backup environment that are a little bit different that they might not think of but things like dual authorization for destructive commands. So you need two people to basically turn that key to the nuclear missile, not just one person. So if you have a rogue employee walking out the door who wants to delete that data pool, you need two people to say, yeah, that's actually the thing we wanna do. So there are some really important things you can do to make sure you're reducing that surface.

What I like about what you're saying is the zero trust sometimes is the amorphous concept to people. And you know, when you think about like the NIST framework or the MITRE frameworks, they're really good but they're hard to operationalize. You just gave three examples of the multi-factor authentication, which of course is just good best practice, role-based access, which means more granularity and then, you know, two switch authorization. Those are operational policies that you can actually put in place that fit into a more comprehensive zero trust architecture, which of course is, it's a maturity model, right? You know, not like non-zero trust one day and then you wake up and you're zero trust, it's a journey.

Yeah, that is the hard thing. I mean, you had to take it step by step and you know, like you said, these frameworks are very big. They can be very intimidating to some customers, especially depending on your size and depending on the skill set that you have inside your company dealing with security.
We've actually gone a step further at Dell and we've actually announced Project Fort Zero last year or this year at Dell Technology World. And that's a way to basically one-stop shop, purchase a zero trust infrastructure and put behind it the capability that you're gonna need to be able to secure. Not available yet, right? But will be, you know, in time and US Department of Defense is working with Dell to help implement and put a lot of those partners together to take it, it takes a village, right? We like to say security is a team sport, right? A lot of different folks collaborating and putting things together to be able to deliver a true zero trust environment.

Yeah, so Project Fort Zero, typically what Dell does is they'll announce something at Dell Tech World as a project and then a year later they'll productize it. We saw that with, you know, Project Frontier and a number of other projects as well. So I would expect that sometime around next May. What about remote work and now hybrid work? You've seen an interesting trend. I mean, obviously remote work changed the world and then you had hybrid work, now you're seeing a lot of people forced back to the office so people having to beef up the corporate networks again. So how has that affected just the overall attack surface?

Yeah, I think that's one of the number one areas where things like multi-factor authentication can be incredibly helpful, right? So it used to be once you came into that office and you sat at your desktop in your PC, you were inside the corporate firewall, inside the network and you had access to anything that you wanted, right? Now everybody's outside and they have to be able to get in but not everybody has access to everything, right? Before when I was inside I might have had access to everything but I was considered trusted because at my badge I got through the front door that was fine.
Now any application that I need, I actually need explicit permission to be able to use and if I have that and I have my multi-factor authentication key card and every time I try to use it I have to authenticate who I am, now I'm getting, the organization is getting more secure and more granular about who has permission to do what and who can actually have access to those corporate jewels.

So this point you're making about used to be if I'm behind the firewall I'm safe, it no longer is so that means that threat detection and response becomes much more important. So what are you seeing there as trends and what is Dell doing in that area?

Yeah, so we have a number of different tools starting with our managed detection response team that helps to implement some technology in your environment that actually goes and looks to see what's happening, looks at the trends and this is where we talked about gen AI. Dell uses a lot of AI to be able to help capture things like anomalies that are happening within your environment, changes that shouldn't be happening and send a warning. Now in some cases, those warnings might be a false positive, but at least it's a warning that it's not normal and hey, you better pay attention and see what's going on. And our services organization helps to monitor that. So again, along the skills gap range, you have an extra set of eyes who is paying attention to the things that are going on within your environment and you can even graduate that to an XDR, an advanced set of security onsite, looking for these kind of anomalies to be able to send up a warning, help you stop gap what's going on. And we should go back to another great solution that helps you to reduce the attack surface but is caught by this threat detection, this detection response, is doing things like network segmentation.
So if I detect an issue within my, let's say my Oracle database for my financials, if it's network segmented only to that area, then the bad actors aren't going to automatically, they might figure it out, but they're not automatically going to get through to my other database, maybe my Salesforce database or some other database, right? So being able to detect and respond and actually mitigate that blast radius, where things are going and that sort of thing, that's all about detecting.

What about the backup and recovery strategies? How have they evolved? Prior to the pandemic, a lot of people said that our business resiliency strategy was really based upon DR, which was essentially an architecture that was designed for an event that was going to occur once every 10 years. They said, wow, now the combination of pandemic and increased cyber threats means that our business resilience strategy needs to evolve. And so part of that is being able to recover and that's why a lot of the attackers go after the backup corpus. So what are you seeing as trends there?

Yeah, I think with my knowledge and experience in backup, that's right in my wheelhouse. And I see a lot of changes and a lot of trends going on in that space that are very good that a while ago, you might've thought were negative, but aren't necessarily today. Things like, the first thing I always tell customers is stop architecting for backup. Start architecting for recovery. Today we have tools and solutions that can back up a petabyte of data in the evening. Big deal. If I can't get back the two terabyte database I need that runs my business, I don't care how much data I backed up last night, right? So start thinking about what, first of all, what is it that runs your business and what are you gonna back up and protect and how are you going to do that? And this is where I see one of those trends of, in the day we used to say one backup vendor, simplify your life, make your organization simple.
Things like snapshotting, snapshot backups, replicated backups, backups to vaults, right? These all make sense depending on the data type that you have, right? So technologies like snapshot based backups that can do instantaneous recovery and this will get to another point that I wanna make is now I know if I can do instantaneous recovery for that small data set, even though that product might be a little bit more expensive, it's different than my streaming media solution that's backing everything up to tape or big disk drives. I know for a fact I can get the business back up and running really quickly with that solution, right? And I can worry about the 85% of other stuff that is Steve's PowerPoint that nobody really cares about. I can get that back a day or so late, right? But I can get my business back to operational and that's really important. The other nice thing about having solutions that allow you to do things like instantaneous recovery is testing. Remember in the disaster recovery world, you say you didn't have a disaster recovery plan if you didn't test the plan? Same thing happens with your cybersecurity plan.

Which you didn't test, it was too risky.

It was too risky, but too hard, right? Too difficult, right? But now when I can just mount that VM, recover and mount that VM, test it, make sure it works, I can even use some automation tools which is really becoming more prevalent these days to make sure that Active Directory came up before my LDAP server that became, before my Exchange database to make sure that I could actually get to my email when it came up. I can do that now in a matter of a few mouse clicks, right? Or I can automate that and say do this and have my coffee and come back and test it.
If it works great and I feel safe, I feel confident that I'm protected, if it doesn't work, then I can change my automation schedule or I can click this, this, that and the other thing and it comes up in the order that I want and boom, now I have that confidence again, right? So that's important.

How are customers dealing with tools creep? You think about threat detection. You got intrusion detection, you got to worry about endpoint, you've got the SIEM tools that are kind of legacy but have been around, right? And they're part of the compliance and audit makes you have them. So you've still got this tools creep problem. How are you guys solving that? Is you guys come with a one-stop shop? Is it a services play? How are customers dealing with that?

Yeah, that's a really good question from the standpoint of it happens. This has been happening throughout IT for decades, right? No matter what the technology was. One of the things that we're doing at Dell, so first of all, there's no one-stop shop, right? I mean, no one vendor does everything 100% the way you would want it, right? But one of the things that Dell has done is we actually have a security team within the organization, within our infrastructure group. That does something to ensure that all the solutions, so servers, networking, storage, data protection, CloudIQ, that they can run a consistent MFA solution or they can run a consistent roles-based access solution or that they can run a consistent, other security solution. And the premise behind that is to say, if a customer has decided that they want to use one of these MFA tools, we can say that we can make your life a lot simpler. You're not learning four or five new different tools for each type of login that you want. You have consistency among all of your tools, right? So that's one way, right?
I think another way that's going to help, and we'll get to this a little bit later, is gen AI will be able to help solve some of that in the future, right, but not right now.

What should customers think about in terms of incident response planning? I mean, obviously it starts with planning, but how can you help customers sort of update their thinking and their protocols for incident response?

Yeah, I think one of the bigger things that happens in incident response planning is the first thing everybody thinks of is this is an IT issue, right? And what are you going to recover first, which is a good part of the plan, right? You got to know what's going to keep the business operational, but all these other things that make a difference, like how do you notify your customers? Who should be notified? Do you have, how does your website operate? Is it partners come to your site and deliver you things? How do you notify your partners so that you can then, in turn, notify your customers? Are you in a regulated industry? What's your communication protocol out to that part of the industry, right? Or out to the consumer base, right? Are you publicly held, right? What do you need to say? All of those things make up an incident response plan. It's not just about the technology components that are in place to help you recover the data to get the business running again. That's 50% of it. The other 50% is who is responsible for the notification? How does that notification go out? Do you notify the police? Do you have to notify the FBI? Who does that? How does that happen? Have you tested, I say tested that, but have you called them and said, hey, if I call you, how do you respond? How do you want me to respond to you? What data do you want me to collect for you? Those are all pieces of that overall incident response plan that you need to have in place. And again, practice that plan.

Should I pay the ransom?

You know, it's funny.
We just did an interesting survey with the Enterprise Storage Group and 57% of the people that paid, paid again to make sure they got all of their data back and they still didn't get it all back, but they paid twice to be as sure as they could be. I mean, you know, don't negotiate with terrorists, but I mean, at the end of the day, we did an onstage interview with a customer at Dell Technology World and they paid, and they paid because they just wanted to be sure to give the confidence to the consumer that by paying, they were doing everything in their power to ensure that everything was back. No, they won't confirm or deny that they got everything, but they went through the motions to make sure that that was gonna happen.

There's some legal risks there too, right? If you're paying a rogue state like North Korea, if it happens that the attack came out of North Korea, it's actually illegal to pay a terrorist like you said. So, it's a really complicated situation. You said you want to come back to Gen AI. What do you want to come back to? Is it a, does it help with skills? Does it help with automation? What did you want to sort of touch on?

I think the answer to all that is yes, right? I think we know, like you said in the beginning, that Gen AI is going to cause a massive amount of attacks. Just like Gen AI can help you scale your business from a security standpoint to be able to put tools in place and actually monitor what's going on and have all of that be automated, that's fantastic. So can the threat actors, right? The threat actors can now scale. Like you said, they can, any type of different phishing email now they can make sure it's punctuated, not just the right way, but we have seen examples where they purposely misspell words that your boss might misspell, right? So it's like, oh, it's going to be real. He always misspells L or she always misspells that word. So that's going to be from that person, right? And then you go off and you do the event, right?
And it's like, all of a sudden there's a problem, right? So I do think it's going to help with the skills gap because I do think in many ways I've done some early investigation in some work and I know you know these guys, the ChaosSearch guys that can actually look at log files and allow you to ask specific questions about what should I be looking for and where so you don't have to have a lot of knowledge but if you ask the right questions it can tell you what to go look for. And so while training is ultimately really, really important not just training your employees not to click on that mail but training your employees in IT of what solutions that they should be going to look at and what's new on the truck that can help them subvert the adversary. These are some ways that you can actually get a lot of that stuff in place before they actually get that deep level of education.

But having that education is obviously very, very important because the user can mess up great security any day. I mean some CSOs say don't click on links. Well, how can I not click on links? Don't click on links. Well, but if you send me a YouTube, okay if it's coming from me, maybe it's okay but just think twice. Now all of a sudden the lines are great, right? Well me, well what about the CEO? Oh well, that's okay too. Well now, right, now the world's getting bigger, right? So.

All right Steve, hey, we'll give you the last word. Thanks for the support and Cybersecurity Awareness Month. It's a big deal and something that I think as part of that security culture forces us all. It's no longer an IT thing. It's no longer just a board thing. It's a middle out everybody thing. Give you the last word.

Yeah, I think we're really excited about Cybersecurity Awareness Month. I think what this allows us to do is to really just hopefully provide a great educational platform for folks.
Not necessarily talk a lot about products and solutions but talk about things you need to be paying attention to within your environment. Now of course everything costs money, right? So, but what should I be paying attention to? What type of assessment should I be looking at? How can I properly think about where my gaps are in my environment and how do I balance that with risk and also my budget, right? Those three things play this tricky balancing act and we just want to help close that gap.

Well, thanks for the good work that you do and the folks at Dell Technologies appreciate your time.

Thanks, dude.

You're welcome. All right, thank you for watching this CUBE Conversation. This is Dave Vellante and we'll see you next time.